utilbizzybolt.exe

Bizzybolt

Part of the Yontoo adware component, a web browser plugin that injects unwanted ads in the browser. The application utilbizzybolt.exe by Bizzybolt has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program Bizzybolt by Yontoo Technology, Inc., which is a potentially unwanted software program.
Publisher:
Bizzybolt  (signed and verified)

Version:
1.0.5218.21605

MD5:
9aeb2c3292cb573fcd2ea64d3f450d10

SHA-1:
03cfb1c3bebacf67d2c80a9208f6287ce340836d

SHA-256:
eaa0e6283f07e5fc68b925e6d824135d5a53901a6cd0fb149c0433d7f5abdaae

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Belongs to the Sambreel/Yontoo program that inserts various forms of advertising in the user's web browser, installed with minimal or no user consent.

Analysis date:
4/19/2024 2:09:36 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Yontoo.Bizzybolt (M)

Engine version:
16.2.4.14

File size:
342.3 KB (350,496 bytes)

Product version:
1.0.5218.21605

Original file name:
Bizzybolt.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\bizzybolt\bin\utilbizzybolt.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/13/2013 10:00:00 PM

Valid to:
11/14/2014 9:59:59 PM

Subject:
CN=Bizzybolt, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Bizzybolt, L=Santa Monica, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0685C192D4CB282599187BB8B1DA543C

File PE Metadata
Compilation timestamp:
4/15/2014 10:00:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:BAh5C43C31YqTP41AWv2eVzN+uCF3BVGwzkhEg1Jn+oCxux7uyj+acLbQA9yLU:BAh5MssS/+oCxux7uehXn4

Entry address:
0x5556E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
333.5 KB (341,504 bytes)

The file utilbizzybolt.exe has been discovered within the following program.

Bizzybolt  by Yontoo Technology, Inc.
This is an unwanted web browser extension that delivers search hijacking as well as contextual advertising within a user's web browser. The program does this by modifying the user's home and search pages in order to monetize search activities.
bizzybolt.co/support
86% remove it
 
Powered by Should I Remove It?
